Known examples include routing, management of resources, quality of service, security control, observation of certain contents, and billing for the use of the communication means.
Routing is essentially applied at the network level to steer the communication data from a sender to a receiver. In circuit switching, it is performed by signaling which establishes a fixed end-to-end physical link. In packet switching, an address such as an IP address makes it possible to pass through several networks, embodied by possibly different physical layers, without it being necessary to monopolize a physical line for the entire communication. In cell switching such as afforded by the ATM protocol, the establishment of a virtual circuit reconciles the speed offered by circuit switching with the optimal utilization of physical resources offered by packet switching. Typically, routing relies essentially on predetermined network addresses based on concepts of geographical location. Requirements are moving toward a growing abstraction of network services. Techniques already exist which provide solutions to some of these requirements, such as, for example, virtual local area networks (VLANs). However, the actions performed by a router for steering data still remain broadly conditioned by relatively fixed criteria, such as prior specifications of architecture and of addresses for allocating a virtual local area network to a predetermined enterprise. It may be desirable for a virtual network to be linked to a particular application, to a type of data or to a specific service. Unfortunately, the adoption of such an approach is hampered by its complexity of deployment and of administration.
The management of resources and of quality of service consists in performing actions such as allocating a throughput or a transmission priority level to a syntactic data flow. A syntactic flow corresponds to a set of packets identified by network, transport or even session level criteria. The management of resources and of quality of service based on recognition of syntactic flows is not satisfactory if one wishes to achieve it at application level as a function of the service provided, such as the continuous restitution of music or films (audio or video streaming), membership of a virtual network or of an exchange group, a coding of the communicated content such as, for example, that prescribed by the G721 coding and sound compression standard, the identity of a user, or a keyword for purchasing bandwidth on a determined communication. The same syntactic flow can transport data of different types. For example, an http flow displayed on a client station first shows its textual data, to the detriment of the images, which are displayed only as the capacity of the system is progressively freed. Allocating a single bandwidth to the whole of a syntactic flow is therefore not satisfactory, since a small bandwidth suffices for the transmission of textual data whereas a large bandwidth is better suited to the transmission of visual or audible data.
Security control comprises the actions performed on the transmitted digital communication data so as to reserve access to them, or their broadcasting, to authorized persons only. Firewalls are known which prohibit or allow data packets on the basis of recognized network addresses, such as IP addresses, or of transport ports, such as TCP or UDP ports. Such criteria pose difficulties for applications that use dynamically negotiated ports. For example, in the case of the FTP protocol, a command connection is first opened, generally on TCP port 21. This connection allows a client to connect to a server, to navigate through the remote file system tree and to perform inquiries (GET) on the server. When the client performs an inquiry, the server informs the client of a particular port to which it must connect to recover the desired file, thereby opening a data connection. The transaction takes place on this dynamically negotiated port, but it is impossible to recognize the FTP protocol by analyzing this connection alone, since it has no particular header: only the binary data of the exchanged file travel across it. It is then necessary to analyze the complete content of the command session in order to ascertain all the data connections. The same holds for the many protocols covered by the H.323 standard relating to multimedia systems and for real-time application connections (RTP). When an H.323 session is initiated, a dynamic port is allotted with the aid of the H.245 protocol relating to user interface control, to define the RTP connection over which voice and/or video travel. It is possible to dispense with prior knowledge of the port, since a particular header used for each voice packet makes it possible to recognize the RTP connection.
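To illustrate why the command session itself must be parsed before a firewall can recognize the FTP data connections, the following is an added example and not part of the patent text: a small Python helper that reads a constructed FTP command-channel transcript, decodes the endpoints announced by PASV replies and PORT commands in the RFC 959 h1,h2,h3,h4,p1,p2 form, and lets a firewall rule accept a new data connection only if the command channel announced it. The transcript, the addresses and the function names are assumptions made for the example.

```python
import re

# Constructed FTP command-session transcript (addresses are documentation ranges).
CONTROL_SESSION = """\
220 ftp.example.test FTP server ready
PASV
227 Entering Passive Mode (192,0,2,10,195,80).
RETR report.pdf
150 Opening BINARY mode data connection for report.pdf
226 Transfer complete.
PORT 198,51,100,7,4,1
200 PORT command successful.
LIST
150 Here comes the directory listing.
226 Directory send OK.
"""

# RFC 959 encodes host and port as h1,h2,h3,h4,p1,p2 with port = p1*256 + p2.
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")

def _endpoint(match):
    """Decode the six comma-separated fields into (host, port)."""
    host = ".".join(match.group(1, 2, 3, 4))
    port = int(match.group(5)) * 256 + int(match.group(6))
    return host, port

def expected_data_connections(control_text, client_ip, server_ip):
    """Collect the data endpoints announced on the command channel.
    A PASV reply must name the server and a PORT command the client; any other host or a privileged port is dropped."""
    expected = []
    for line in control_text.splitlines():
        m = PASV_RE.match(line)
        peer = server_ip
        if m is None:
            m = PORT_RE.match(line)
            peer = client_ip
        if m is None:
            continue
        host, port = _endpoint(m)
        if host == peer and port > 1023:
            expected.append((host, port))
    return expected

def allow_data_connection(expected, dst_host, dst_port):
    """Accept a new TCP connection only toward an endpoint the command channel announced."""
    return (dst_host, dst_port) in expected
```

The same parsing step is what a firewall's FTP helper performs; without it, the second connection is just an unlabeled stream of file bytes, exactly as the paragraph above describes.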
Among the security actions performed on digital communication data are also known, in the field of cryptography, those of encryption, signature, or authentication of messages. It is usually the application managing the messages which triggers the cryptographic actions. There also exist means of triggering cryptographic actions at the network level, such as IPsec, for example to encrypt data sent from a local area network over a wide area network. Here too, the triggering criteria still bear on flows of syntactic type. It is difficult to trigger, a posteriori and independently of the application, encryption or authentication actions on only the most sensitive parts of the content of communication data, for example in order to save computational resources.
Observation of the contents (monitoring) is useful for compiling statistics on error rates, on the volumes of information conveyed, or on the meaning of the information exchanged. Behavior control forms part of this type of communication function. Here again, the choice of observing one content or another is made essentially per syntactic flow. The observation actions are sometimes even triggered on the whole set of communication data, without any fine distinction as to what they relate to. More targeted observation actions would make it easier to sort the observed data with a view to their utilization.
The problems alluded to hereinabove are found in other communication functions, such as billing for the use of communication means or the compression of data. Generally, it is the application level which triggers the data compression and decompression actions. It is also possible to trigger a compression action at the transport level, for example on all the communication data steered through a specially dedicated port. However, such an approach remains syntactic in nature and is poorly suited to higher functional levels.
Moreover, each communication function generally requires its own development, and often a specific deployment, in which the actions to be triggered and the syntactic flows to be considered are defined in advance. This lacks the flexibility needed to widen the range of communication functions.